Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
bin
 
 
lib
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Gratan

Gratan is a tool to manage MySQL permissions.

It defines the state of MySQL permissions using Ruby DSL, and updates permissions according to DSL.

Gem Version Build Status

Notice

  • >= 0.3.0
    • Support template
  • >= 0.3.1
    • Fix <secret> password

Installation

Add this line to your application's Gemfile:

gem 'gratan'

And then execute:

$ bundle

Or install it yourself as:

$ gem install gratan

Usage

gratan -e -o Grantfile
vi Grantfile
gratan -a --dry-run
gratan -a

Help

Usage: gratan [options]
        --host HOST
        --port PORT
        --socket SOCKET
        --username USERNAME
        --password PASSWORD
        --database DATABASE
    -a, --apply
    -f, --file FILE
        --dry-run
    -e, --export
        --with-identifier
        --split
        --chunk-by-user
    -o, --output FILE
        --ignore-user REGEXP
        --target-user REGEXP
        --ignore-object REGEXP
        --enable-expired
        --ignore-not-exist
        --ignore-password-secret
        --skip-disable-log-bin
        --override-sql-mode
        --use-show-create-user
        --no-color
        --debug
        --auto-identify OUTPUT
        --csv-identify CSV
        --mysql2-options JSON
    -h, --help

A default connection to a database can be established by setting the following environment variables:

  • GRATAN_DB_HOST: database host
  • GRATAN_DB_PORT: database port
  • GRATAN_DB_SOCKET: database socket
  • GRATAN_DB_DATABASE: database database name
  • GRATAN_DB_USERNAME: database user
  • GRATAN_DB_PASSWORD: database password

Grantfile example

require 'other/grantfile'

user "scott", "%" do
  on "*.*" do
    grant "USAGE"
  end

  on "test.*", expired: '2014/10/08', identified: "PASSWORD '*ABCDEF'" do
    grant "SELECT"
    grant "INSERT"
  end

  on /^foo\.prefix_/ do
    grant "SELECT"
    grant "INSERT"
  end
end

user "scott", ["localhost", "192.168.%"], expired: '2014/10/10' do
  on "*.*", with: 'GRANT OPTION' do
    grant "ALL PRIVILEGES"
  end
end

Use template

template 'all db template' do
  on '*.*' do
    grant 'SELECT'
  end
end

template 'test db template' do
  grant context.default

  context.extra.each do |priv|
    grant priv
  end
end

user 'scott', 'localhost', identified: 'tiger' do
  include_template 'all db template'

  on 'test.*' do
    context.default = 'SELECT'
    include_template 'test db template', extra: ['INSERT', 'UPDATE']
  end
end

Run tests

bundle install
docker-compose up -d
bundle exec rake
# MYSQL57=1 bundle exec rake

Similar tools

What does "Gratan" mean?

About

Gratan is a tool to manage MySQL permissions. It defines the state of MySQL permissions using Ruby DSL, and updates permissions according to DSL.

Resources

License

Packages

No packages published

Languages

You can’t perform that action at this time.